Written by Gábor Pék
One of the most difficult parts of IT security is getting started. There are zillions of interesting topics all around, but if you are completely new to this area you can easily get lost. Fortunately, there is a massive number of security tools online that help you solve complex problems faster and more easily, even if you do not understand all the background. Distributions like Kali Linux, for example, come heavily armed with the most recent security tools to help you automate your daily penetration-testing routines. Such tools, however, are not only for beginners.
As Charlie Miller said in his interview, “security is best learned by doing.” Today, everybody uses security tools, because we do not have time to implement everything from scratch. At the same time, if a new problem emerges, someone is going to release a tool very soon. These tools are among the key driving forces of IT security. Experts like j00ru use all the classics such as IDA Pro or peda. Top CTF teams such as CyKor heavily use Fiddler, Paros and Burp Suite for web challenges. Long story short, tools are essential in IT security.
All right, I have tools, but how can I try them out?
As the question above suggests, another problem is that the use case (e.g., network traffic for analyzing a problem, or a memory snapshot for finding a specific code loading technique) is missing most of the time. Without such use cases, neither the tool nor the corresponding problem can be understood well. Creating them, however, is time-consuming and requires substantial expertise.
We are now launching tutorials called avataoTools for various security tools, with real use cases that help people get familiar with the tools needed to solve IT security problems. All the tutorials are created by field experts and provide a step-by-step description of a problem that a given tool tackles. These preconfigured use cases (e.g., files, prepared environments) highlight the features and advantages of these tools and prepare users to apply them later on.
Our first tutorials walk you through a handful of security tools:
- the Unicorn CPU emulator framework,
- the sqlmap utility to exploit a massive range of SQL injection vulnerabilities, and
- the John the Ripper password cracker utility.
Wireshark and nmap tutorials are coming soon.
Comment if you have suggestions for other interesting tools! We are looking forward to your feedback.